[kernel] r19598 - dists/squeeze-security/linux-2.6/debian/patches/bugfix/all

[Ben Hutchings]

Author: benh
Date: Sun Dec  9 22:54:54 2012
New Revision: 19598

Log:
Fix memory leak in backported fix for CVE-2012-4398

Modified:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/kmod-make-__request_module-killable.patch

Modified: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/kmod-make-__request_module-killable.patch
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/kmod-make-__request_module-killable.patch	Sun Dec  9 22:00:02 2012	(r19597)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/kmod-make-__request_module-killable.patch	Sun Dec  9 22:54:54 2012	(r19598)
@@ -26,19 +26,20 @@
     Cc: David Rientjes <rientjes at google.com>
     Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
     Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
-    [dannf: backported to Debian's 2.6.32]
+    [dannf, bwh: backported to Debian's 2.6.32]
 
 diff --git a/kernel/kmod.c b/kernel/kmod.c
 index 09e10c3..553ce09 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -50,16 +50,45 @@ static struct workqueue_struct *khelper_wq;
+@@ -50,16 +50,48 @@ static struct workqueue_struct *khelper_wq;
  */
  char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
  
 +static void free_modprobe_argv(char **argv, char **envp)
 +{
-+        kfree(argv);
++	kfree(argv[3]); /* check call_modprobe() */
++	kfree(argv);
 +}
 +
  static int call_modprobe(char *module_name, int wait)
@@ -67,12 +68,14 @@
 +
 +	info = call_usermodehelper_setup(argv[0], argv, envp, GFP_ATOMIC);
 +	if (!info)
-+		goto free_argv;
++		goto free_module_name;
 +
 +	call_usermodehelper_setcleanup(info, free_modprobe_argv);
 +
 +	return call_usermodehelper_exec(info, wait | UMH_KILLABLE);
 +
++free_module_name:
++	kfree(module_name);
 +free_argv:
 +	kfree(argv);
 +out: